This extension calculate a valid WS security token for every request (In Proxy, Scanner, Intruder, Repeater, Sequencer, Extender), and replace variables in theses requests by the valid token.
Using Burp WS-Security
- This extension only change requests targeting in scope item. So you need to add the target in the scope.
- Go to the WSSecurity tab, fill the password field, choose if you need the nonce to be base64 encoded or not.
- Click “Turn WS-Security ON”. Now, for every request in scope, a valid security token will be created.
- In your request
- #WS-SecurityPasswordDigest will be replaced by the Password Digest
- #WS-SecurityNonce will be replaced by the Nonce
- #WS-SecurityCreated will be replaced by the correct time
- #WS-SecurityUUID will be replaced by a random UUID
- This extension will log in the Extender UI every request after change if you need to debug.
|Last updated||13 December 2019|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.